Up

kduma-OSS · Dec 18, 2023 · a8f17b1 · a8f17b1
1 parent 344888e
commit a8f17b1
Showing 1 changed file with 13 additions and 2 deletions.
diff --git a/content/1.systems/2.serverless-satis/3.cloudflare-worker.md b/content/1.systems/2.serverless-satis/3.cloudflare-worker.md
@@ -40,7 +40,9 @@ You need to update `wrangler.toml` file with your own values:
 | `name`                         | Name of your CloudFlare Worker                                                    |
 | `vars.PUBLIC_ACCESS_TO_INDEX`  | If true, index page will be accessible without authentication                     |
 | `vars.PUBLIC_ACCESS_TO_JSON`   | If true, JSON indexes will be accessible without authentication                   |
-| `vars.CHECK_FILE_RESTRICTIONS` | See [selective access](#selective-access)                                         |
+| `vars.CHECK_FILE_RESTRICTIONS` | See [Selective Access](#selective-access)                                         |
+| `vars.STORE_PASSWORDS_HASHED`  | See [Authentication](#authentication)                                             |
+| `vars.ENABLE_USER_ENDPOINT`    | See [User Endpoint](#user-endpoint)                                               |
 | `routes.pattern`               | Domain you want to expose your private repository on (need to use CloudFlare DNS) |
 | `kv_namespaces.id`             | Namespace ID of your Worker KV to read users from                                 |
 | `r2_buckets.bucket_name`       | Name of private bucket where are stored files generated by `s3-satis` tool        |
@@ -54,6 +56,8 @@ compatibility_date = "2023-12-06"
 PUBLIC_ACCESS_TO_INDEX = false
 PUBLIC_ACCESS_TO_JSON = false
 CHECK_FILE_RESTRICTIONS = false
+STORE_PASSWORDS_HASHED = false
+ENABLE_USER_ENDPOINT = false
 
 [[routes]]
 pattern = "<domain>"
@@ -74,7 +78,14 @@ Authentication is done using usernames and passwords stored in [CloudFlare KV](h
 You need to create a KV namespace and bind it to `AUTH` variable in `wrangler.toml` file.
 Worker will read usernames and passwords from KV namespace and use them to authenticate users.
 
-When adding new users to KV, please set username as a key and password as a value (in plain text).
+When adding new users to KV, please set username as a key and password as a value.
+If `STORE_PASSWORDS_HASHED` is set to `true`, you need to hash passwords with SHA-256 before adding them to KV.
+If `STORE_PASSWORDS_HASHED` is set to `false`, passwords are stored in plain text.
+
+### User Endpoint
+
+When `ENABLE_USER_ENDPOINT` is set to `true`, you can use `https://<domain>/user.json` endpoint to check logged-in user, 
+and get list of assigned permissions (for more details see [Selective Access](#selective-access))
 
 ## Selective Access